Thread Hijacking Phishing Attack Targets Pennsylvania Journalist

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity.

The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.

“One of the messages appeared to be a lengthy conversation between Kidan and a colleague, with the subject line, ‘Re: Successfully sent data,’” Krebs writes. “The second missive was a more brief email from Kidan with the subject, ‘Acknowledge New Work Order,’ and a message that read simply, ‘Please find the attached.’”

The emails contained attachments that would launch phishing pages designed to steal Microsoft Office 365 credentials.

“Sholtis said he clicked the attachment in one of the messages, which then launched a web page that looked exactly like a Microsoft Office 365 login page,” Krebs writes. “An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information. A successful login would record the submitted credentials and forward the victim to the real Microsoft website.”

Fortunately, Sholtis recognized that the emails were suspicious and didn't fall for the attack. The emails did grab his attention, however, because they came from what was presumably Kidan's compromised account, which is exactly what makes thread hijacking effective: the message arrives from a known sender, often inside an existing conversation.

“The best advice to sidestep phishing scams is to avoid clicking on links or attachments that arrive unbidden in emails, text messages, and other mediums,” Krebs writes. “If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

KrebsOnSecurity has the story.
